[ISN] European 'safer Internet' site hit by hackers

From: InfoSec News (isnat_private)
Date: Fri Jun 08 2001 - 00:44:18 PDT

  • Next message: InfoSec News: "[ISN] Rebuttal to "CISSPs - Do You Know Your Organization" by anonymous"

    June 07, 2001 
    Hackers embarrassed the European Commission this week by identifying
    and exploiting two security holes on a new commission-sponsored Web
    site that promotes safer use of the Internet.
    One of the holes allowed the hackers to get administrator privileges
    on the server that powers the Safer Internet Exchange site, according
    to a security analyst who asked not to be identified. The other flaw
    involved an e-mail distribution list that was left unsecured, allowing
    intruders to retrieve the names and e-mail addresses of the people on
    the list.
    Tara Morris, project manager for the Web site and a consultant at
    Birmingham, England-based Ecotec Research and Consulting Ltd., said
    the two holes were both plugged yesterday morning. The incident is
    still being investigated, he added, while declining to detail how
    deeply the hackers were able to penetrate the affected server.
    Morris didn't specify the security flaw that provided access to the
    e-mail distribution list, which has about 600 subscribers. He said the
    other hole was linked to a known vulnerability in Microsoft Corp.'s
    Index Server software, which provides the behind-the-scenes
    functionality needed to do searches of Web sites that are powered by
    Windows-based servers.
    The Safer Internet Exchange site was officially launched last month by
    the Brussels-based commission, which functions as the executive body
    of the 15-member European Union. The Web site is part of a broad
    campaign to make the Internet safer for European citizens and
    businesses, and Morris said it's specifically aimed at helping to
    eradicate illegal and harmful Internet content.
    The disclosure of the security flaws came just one day after the
    European Commission said it has started developing an antihacking law
    as part of a series of proposals that are meant to increase the level
    of information security in the region. Other steps being considered
    include the creation of a central virus-fighting unit and increased
    cooperation among national computer emergency response teams in
    different countries.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 02:52:48 PDT